Privacy or security of information is desirable in many applications. Data encryption techniques have been developed to increase the security or privacy of information (including text, images, data streams, and the like) by encoding the information to limit unauthorized access. Many such encryption techniques utilize a “key” based on a particular algorithm to change the sequence or format of the information (“plaintext”) so that the information is enciphered or “scrambled” into an unintelligible form (“ciphertext”). The information may be recovered using a “key” that is constructed based on the encryption method. However, an unauthorized user, who does not have the knowledge of either the encryption algorithm (or method) or the “key”, cannot easily decode the information.
In general, cryptosystems are devices that are adapted to encrypt information. Cryptosystems can be symmetrical systems (symmetric key systems) or asymmetrical systems (public-private key systems). Symmetrical systems are typically based on functions that can be easily computed but for which the inverse functions are extremely difficult to compute. Asymmetrical systems typically utilize a secret key which is not shared by the communicating devices, such that an eavesdropper must guess this secret key among numerous possibilities in order to gain access to the ciphertext. Symmetrical and asymmetrical encryption techniques may be applied to data stored in storage devices, to data transmitted over a communication channel, or to any other device or in any circumstance where it is desirable to secure information from unauthorized access. No matter which technique is used, protection of the secret or private key is vital to maintaining the integrity of the data security.
In a storage device that offers hardened security features, a root key may be used by the device to encrypt information as a symmetric key or to derive public/private key pairs. The term “root key” refers to a primary secret or private key of a cryptographic subsystem. As used herein, the term “cryptographic” pertains to various means and methods of rendering plain text unintelligible and of reconverting cipher text into an intelligible form. A cryptographic subsystem is one which uses cryptographic techniques to render information unintelligible in its stored form, and which may also reconvert the encrypted (cipher) text back into an intelligible form in response to a request by an authorized entity or user. Generally, the root key serves as the encryption key for the storage of all other keys, and discovery of the root key typically constitutes a root breach of the integrity of the subsystem. Thus, it is important to maintain the root key as a secret.
The root key may be provided to the storage device via a number of techniques including programming the key at the factory, deriving the key from a random number generator, or providing a means for the user to program the key at drive installation. If the root key is programmed in the factory, it is conceivable that an insider could steal the keys and attack the corresponding drives after they are sold. If a random number generator is used, the generator must generate truly random numbers rather than easily recoverable random-looking numbers. If the user programs the key, the system may need to include additional complexity (such as requiring the user to insert a patch cable or wire to connect adjacent exposed pins on a printed circuit board that control the functionality of the card) and may be inconvenient for the user.
Many technologies have been investigated to provide root key memory storage. These technologies include flash, EEPROM, MR RAM (MRAM), Ferro RAM (FRAM), fuses and anti-fuses, and the like. Such systems have various limitations including size and cost. Moreover, such systems require that the key value be “programmed” into memory, meaning that the root key is programmed. All of these technologies are suitable for realizing the root key as described above.
The Chip ID or silicon ID is a chip-identifying technology that has been used by various application-specific integrated-circuit (ASIC) suppliers and companies. The silicon ID is typically hundreds of bits long, and is not programmed, but rather it is created when the chip is created and recreated (or re-established) each time the chip is powered. The silicon ID itself is a function of the natural randomness of the threshold voltage (Vt) in a silicon transistor or some similar hardware technique. Each ID bit is created by a transistor pair with a comparator to compare the output of each transistor. In general, a comparator is a name given to an electronic component or arithmetic circuit for comparing the relative sizes of two binary numbers. The comparator is configured to make a comparison to determine whether a signal voltage is higher or lower than a certain reference level, which is indicative of a line of demarcation between a logical “1” or a logical “0”. Thus, a comparator receives two or more inputs, compares the two inputs, and produces a single output representative of the two inputs. In the present invention, the comparator may be any logical or arithmetic circuit adapted to produce a single output from two or more inputs. Depending on the natural randomness in the threshold voltage (Vt) of each transistor, each comparator will read either a “0” or a “1” value. A plurality of comparator output voltages forms a physical silicon ID.
Due to the random nature of the threshold voltage, some transistor pairs will probabilistically have very similar threshold voltage values. The silicon ID produced however is statistically unique, meaning that it can be determined with relatively high probability which ID measured in the field corresponds to an ID recorded in the factory. Silicon ID technology has been used primary by ASIC suppliers and ASIC consumers as an inexpensive way to achieve an ASIC-tracking ID without adding expensive memory technology. Typically, this ASIC-tracking ID is used with wafer lot and other process information for debug analysis.
There is a need in the storage industry for hardened security features, and more particularly, for hardened security features that cannot readily be bypassed by a determined hacker. Furthermore, there is a need in the storage industry for a technique of creating an encryption key for use in encryption algorithms built into the storage subsystem, wherein the encryption key cannot be reverse engineered or detected by eavesdropping or hacking the controller circuit. Embodiments of the present invention provide solutions to these and other problems, and offer other advantages over the prior art.